5 Privacy Trends for 2025: What to Watch For
Heraclitus said that “The only constant in life is change,” but...
Read NowGet an overview of the simple, all-in-one data privacy platform
Manage consent for data privacy laws in 50+ countries
Streamline and automate the DSAR workflow
Efficiently manage assessment workflows using custom or pre-built templates
Streamline consent, utilize non-cookie data, and enhance customer trust
Automate and visualize data store discovery and classification
Ensure your customers’ data is in good hands
Key Features & Integrations
Discover how Osano supports CPRA compliance
Learn about the CCPA and how Osano can help
Achieve compliance with one of the world’s most comprehensive data privacy laws
Key resources on all things data privacy
Expert insights on all things privacy
Key resources to further your data privacy education
Meet some of the 5,000+ leaders using Osano to transform their privacy programs
A guide to data privacy in the U.S.
What's the latest from Osano?
Data privacy is complex but you're not alone
Join our weekly newsletter with over 35,000 subscribers
Global experts share insights and compelling personal stories about the critical importance of data privacy
Osano CEO, Arlo Gilbert, covers the history of data privacy and how companies can start a privacy program
Upcoming webinars and in-person events designed for privacy professionals
The Osano story
Become an Osanian and help us build the future of privacy!
We’re eager to hear from you
Published: December 14, 2023
When it was enacted in 1988, the Video Privacy Protection Act (VPPA) was meant to protect consumer data from being shared by video rental companies like Blockbuster. As video rentals have given way to streaming, however, its application has evolved.
Class action lawsuits have cropped up throughout the United States, including dozens of filings against Meta’s Pixel tracking tool — they assert that Meta’s pixel tool use violates the VPPA by tracking viewing history and protected consumer data. And this is just one of many ways the VPPA has been interpreted in the last 35+ years.
As rulings based on this law continue to transform in the digital age, businesses face uncertainties regarding online practices.
Initially, the VPPA aimed to hold videotape service providers liable for knowingly disclosing personal information without written consent. Until 2022, the VPPA was rarely cited in consumer privacy lawsuits. These cases reframed “video tape service providers” as any website with video content and user-tracking pixel tools. Additionally, users don't need to be paying customers to assert a VPPA claim.
Recent legal disputes underscore the complexity of data sharing in the online space, where user expectations clash with a lack of legislation for data governance. The wave of VPPA claims in 2023 has resulted in over 70% being dismissed by a judge or voluntarily before the defendant responded. In Carroll v. General Mills, the court dismissed the claim of video data sharing when the videos in question were “a peripheral part of its marketing strategy.”
The two largest settlements involving video data tracking – Sony Corp. and the Boston Globe – have largely limited the law’s reach to businesses and websites that offer video content. At a minimum, companies violating the VPPA may pay a fine of up to $2,500, plus punitive damages, attorney fees, litigation costs, and additional equitable relief.
But even the minimum legal costs to file a motion to dismiss can be avoided with proactive data management.
To mitigate any risks associated with the VPPA, you need to invest in privacy compliance. In general, your company should aim to disclose all of your tracking methods and give your customers the option to decline tracking. These four tips will guide you in that direction and potentially help you avoid unnecessary litigation.
Complying with the VPPA today demands the same commitment to transparency as it did when enacted in 1988. Communications should answer key questions about how data is collected, processed, and shared with third parties, such as:
As consumers demand more data privacy, being clear about how data is used and limiting how much is collected will reinforce trust. Some businesses create an easy-to-understand Privacy Policy, others like The Guardian create a video to simplify the process for users.
Obtaining explicit consent from users before collecting any data is vital. Proactive consent can be as simple as incorporating proper language into cookie preference banners. For example, a GDPR-compliant consent form must:
Prioritizing user awareness and control over how data is used reflects your commitment to privacy best practices.
Cookie preference centers serve as a user-friendly way to manage consent choices. But you can’t create a cookie policy and leave it alone — it needs to be updated routinely. By regularly updating these windows, businesses can easily reflect changes in data practices and offer up-to-date control over the latest privacy options.
Any time you add new cookies or make updates to comply with new data laws you have the opportunity to audit your policies. For instance, the Utah Consumer Privacy Act (UCPA) – one of many state laws that requires businesses to inform consumers on how data is used – goes into effect on December 31, 2023 and mandates a privacy notice that includes:
With tracking tools like Meta’s Pixel serving as a common target for VPPA claims, minimizing your exposure to this type of tracking is a proactive strategy. Data collecting technologies should be tailored to limit the data they collect or share by:
Partnering with Osano helps keep data privacy compliance simple for your organization – from starting your privacy program to reducing risk and sustaining customer trust.
Rather than reacting to privacy challenges, our consent solutions can help you take a proactive stance in identifying and managing VPPA risks to reduce potential fines or penalties — before they happen.
From initial assessments to adapting to regulatory changes, Osano ensures that your business remains well-prepared to navigate the complexities of the VPPA and other data privacy regulations.
Stay ahead of shifting regulatory landscapes and protect your business with Osano's comprehensive platform. Schedule a demo today.
If you tackle the steps in this data privacy compliance checklist in order, you should be in a good place to tailor your privacy program for compliance with the laws that matter most to your organization.
Download Now
Osano Staff is pseudonym used by team members when authorship may not be relevant. Osanians are a diverse team of free thinkers who enjoy working as part of a distributed team with the common goal of working to make a more transparent internet.
Osano is used by the world's most innovative and forward-thinking companies to easily manage and monitor their privacy compliance.
With Osano, building, managing, and scaling your privacy program becomes simple. Schedule a demo or try a free 30-day trial today.